RE: Converting ASCII logs to Unified Format

["Esler, Joel CNTR/Sytex" <joel.esler () rcert-s army mil>]

So, I am guessing that you can an alert file you want to convert?

On Mon, 2005-03-14 at 08:19 -0800, Jim O'Leary wrote:

> I should clarify that I was given the Snort log files from an external
> source, not from my own Snort.conf. I need to convert these text files
> into unified so Barnyard can stick them into MySQL.
>
>         -----Original Message-----
>         From: Esler, Joel CNTR/Sytex [mailto:joel.esler@rcert-
>         s.army.mil] 
>         Sent: Monday, March 14, 2005 8:16 AM
>         To: Jim O'Leary
>         Cc: snort-users () lists sourceforge net
>         Subject: Re: [Snort-users] Converting ASCII logs to Unified
>         Format
>         
>         
>         Unified format is completely different from the ASCII log.  I
>         would double check your Snort.conf settings.
>         
>         J
>         
>         On Sat, 2005-03-12 at 22:03 -0800, Jim O'Leary wrote:
>         
>         > I have Snort set up so that it outputs logs and alerts to
>         > the binary "unified" format. I also have barnyard set  up so
>         > that it reads those binary files and sticks them into a
>         > MySQL database. 
>         >  
>         > The problem is, I've been given a group of Snort output
>         > files that are in the ASCII format.  How do I convert these
>         > files to "unified" so I can get barnyard to stick them into
>         > MySQL?
>         >  
>         > Thanks 
>         
>         -- 
>         Esler, Joel CNTR/Sytex <joel.esler () rcert-s army mil> 

-- 
Esler, Joel CNTR/Sytex <joel.esler () rcert-s army mil>